Former president says David Schoen and Bruce Castor will now lead his defence to charges of “incitement to insurrection”.

Former US President Donald Trump has hired two new lawyers to head his defence team for his historic second impeachment trial, which is due to begin next week.

Trump’s announcement follows reports that he had abruptly parted ways with several of his impeachment lawyers.

Lawyers David Schoen and Bruce Castor will head the defence effort in the trial set to begin in the US Senate on February 9, Trump’s office said in a statement. Schoen had already been helping Trump and advisers prepare for the proceedings, according to the former president’s office.

Butch Bowers and Deborah Barberi, two South Carolina lawyers, are no longer on Trump’s team, a source familiar with the situation told the Reuters news agency on Saturday. The source described their departure as a “mutual decision”.

Castor has focused on criminal law throughout his career, while Schoen specialises in “civil rights litigation in Alabama and federal criminal defence work, including white collar and other complex cases, in New York,” the statement said.

Trump, who left office January 20, faces trial on a charge that he incited the mob that stormed the US Capitol building in an effort to block his election loss to President Joe Biden. He is due to file a response to the impeachment charges on Tuesday.

The trial is historic on two fronts, marking the first time that a president has been impeached twice and the first time that a former United States president has faced such a trial.

Schoen had already been working with the defence team, and he and Castor “agree that this impeachment is unconstitutional,” the statement said.

Schoen previously represented Trump’s former adviser Roger Stone, who was convicted in November 2019 of lying under oath to legislators investigating Russian interference in the 2016 election. Trump pardoned Stone in December 2020.

Castor is a former Pennsylvania district attorney known for his decision not to prosecute entertainer Bill Cosby in 2005 after a woman accused Cosby of sexual assault. In 2017, Castor sued Cosby’s accuser in the case for defamation, claiming she destroyed his political career in retaliation. Cosby, 83, is now serving a three-to-10-year sentence after being found guilty in a 2018 trial of drugging and raping a onetime friend at his home in 2004.

Trump has reportedly been struggling to form a defence ahead of his historic trial, facing new hurdles with just days to go.

But with only five Republicans joining all 50 Democrats this week in agreeing that the trial should go forward, it appears unlikely that 17 Republicans would vote against Trump, the minimum number needed to reach the two-thirds threshold for conviction.

Germany said on Sunday it will send medical staff and equipment to Portugal, where space in hospital intensive care units is running out after a surge in coronavirus infections.

Separately, World Health Organization experts have visited the market in Wuhan, central China, linked to the first known COVID-19 cluster, seeking clues about the beginning of the coronavirus outbreak as a number of nations further tightened restrictions in a bid to slow the spread of the pandemic.

France closed its borders to non-European countries except for essential travel, a day after Germany imposed a ban on most travellers from nations hit by new, more contagious coronavirus variants.

Globally more than 2 million people have died from the virus, with nearly 102 million cases recorded and 56 million recoveries.

Below are the latest updates:

10 mins ago (15:05 GMT)

Portugal virus surge ‘like a tsunami’

Germany’s defence ministry said it will send medical assistance to Portugal, which said on Saturday that only seven of 850 ICU beds set up for COVID-19 cases on its mainland were vacant.

It came after the Portuguese government had asked Berlin for help.

“The situation is only comparable to a tsunami in the sense of the number of infections that we are seeing on the rise for weeks,” Ricardo Baptista Leite, from the Catholic University of Portugal, told Al Jazeera.

“We’ve seen this ongoing now for [three] months, and …. only last Friday did we start to see a slowdown in the rise of new cases … following the closure of schools and a more strict lockdown that was imposed two weeks before.”

In total, Portugal has recorded 711,018 confirmed infections and 12,179 related deaths.

1 hour ago (13:50 GMT)

China sees uptick in cases

China recorded more than 2,000 new domestic cases of COVID-19 in January, the highest monthly total since the tail end of the initial outbreak in Wuhan in March of last year.

The National Health Commission said 2,016 cases were reported in January, a figure that does not include another 435 infected people who arrived from abroad. Two people died this month, the first reported COVID-related deaths in China in several months.

Most of the new cases have been in three northern provinces, including more than 900 infections in hardest-hit Hebei province. In the capital, Beijing, 45 cases were registered this month.

1 hour ago (13:52 GMT)

Thousands flout virus restrictions at Israel funeral

Thousands of ultra-Orthodox Jews have defied Israel’s coronavirus restrictions to attend a rabbi’s funeral, prompting Defence Minister Benny Gantz to demand an end to the community’s repeated breaking of lockdown rules.

A huge crowd, many not wearing masks, packed the streets in Jerusalem for the funeral of 99-year-old Rabbi Meshulam Dovid Soloveitchik, head of the influential Brisk yeshiva, or religious educational institute.

1 hour ago (13:53 GMT)

Egypt ‘receives’ first shipment of AstraZeneca vaccines

Egypt has received its first shipment of coronavirus vaccines developed by AstraZeneca and the University of Oxford, according to airport officials.

The 50,000-dose shipment arrived at Cairo international airport on a flight from Dubai, said the officials, who spoke on condition of anonymity because they were not authorised to brief the media.

Mohammed Awad Tag el-Din, Egypt’s presidential health adviser, said the shipment originated in the company’s factory in India.

1 hour ago (13:54 GMT)

Italy to relax COVID curbs in many regions

The Italian government has said it would ease coronavirus restrictions across much of the country from Monday, despite warnings from health experts that the move was risky given concerns over the spread of more contagious variants.

After a review of latest COVID-19 data, the health ministry said it was shifting 11 regions from orange to so-called yellow zones, giving inhabitants there greater freedom to travel and allowing bars and restaurants to reopen during the day.

In all, 16 regions will be in the lowest-risk yellow zone, and just four regions – Puglia, Sardinia, Sicily and Umbria – in the orange zone, together with the northern Bolzano province. Nowhere in Italy will be classified as a red zone, which brings with it stringent curbs on travel and business.

Symbolic rebuke comes amid growing Republican opposition to Senate trial of ex-president, set to begin next month.

A Republican legislator from the US state of South Carolina has been censured by the state branch of the party after he voted to impeach former United States President Donald Trump earlier this month.

Congressman Tom Rice was one of 10 Republicans in the US House of Representatives who voted in favour of impeaching Trump on January 13 for “incitement of insurrection” concerning the deadly riot at the US Capitol this month.

On Saturday, the South Carolina Republican Party (SCGOP) said it had formally censured Rice for his vote.

“We made our disappointment clear the night of the impeachment vote,” SCGOP Chairman Drew McKissick said in a statement shared on social media, about the symbolic rebuke.

“Trying to impeach a president, with a week left in his term, is never legitimate and is nothing more than a political kick on the way out the door.”

Today the SCGOP Executive Committee voted to formally censure Congressman Rice for his impeachment vote. See below for SCGOP Chairman @DrewMcKissick‘s full statement: pic.twitter.com/lNzDW80ljl

— South Carolina Republican Party (@SCGOP) January 30, 2021

Rice has been a staunch supporter of Trump during the former president’s term in the White House, but he said on January 13 that he voted for impeachment because the Capitol riot was “inexcusable”.

“I have backed this President through thick and thin for four years. I campaigned for him and voted for him twice. But, this utter failure is inexcusable,” Rice said in a statement at that time.

Trump’s impeachment for the Capitol insurrection – his second as president – has divided the Republican Party.

Republican Senator Mitt Romney has said he believes moving ahead with an impeachment trial in the US Senate is “appropriate”, while other Republicans have questioned the constitutionality of proceedings taking place when Trump is no longer in office.

Members of the party have also argued that impeachment would hurt an already deeply divided country and urged Democrats to drop their initiative.

But despite that opposition, the Democrat-controlled House sent the impeachment article to the Senate last week and Trump’s Senate trial is expected to begin in February.

To be convicted, the Senate needs a two-thirds majority of support. That means more than a dozen Republicans will need to join Democrats in voting in favour of impeachment.

Rice is not the only Republican who voted for impeachment to face backlash.

Liz Cheney, currently the number three Republican in the House of Representatives, has been censured by the Republican Party in at least three of the 23 counties in her home state of Wyoming.

She also faces growing calls to be stripped of her role as chair of the party’s conference.

House Representative Fred Upton has also been censured by the Republican Party in Allegan County, one of six counties in Upton’s Michigan district, for voting to impeach Trump.

COVIran Barekat jab shown to completely defuse the UK variant of coronavirus in its human trials, officials say.

Tehran, Iran – Iranian health officials say the country’s top COVID-19 vaccine candidate has been shown to work on the variant of the coronavirus first discovered in the United Kingdom.

Hassan Jalili, who oversees local vaccine production at Setad, a powerful state organisation under Supreme Leader Ayatollah Khamenei, said on Saturday that tests on the blood samples of volunteers who received two doses of COVIran Barekat have yielded promising results.

“Tests have shown that the blood plasma of the people who were injected with the vaccine in human trials is capable of completely defusing the mutated virus of the English corona[virus],” he said.

Minoo Mohraz, a senior member of the national coronavirus task force, also confirmed the news.

“The health ministry gave a sample of the English mutated virus that has a 70 percent higher infection rate to Setad researchers and tests on the blood plasma of the first three recipients of COVIran Barekat showed the virus was completely defused,” she said.

Earlier this week, Iran’s Health Minister Saeed Namaki said the seventh case of the UK variant was identified in Iran in a passenger from the Netherlands.

Iran injected its first three recipients of the local vaccine on December 29, the first of whom was the daughter of Setad’s chief and the other two top Setad executives, in an effort to boost trust.

Since then, 32 others have received at least one shot of the two-dose vaccine and all 56 of the initial candidates are on track to receive their first dose by late February.

Women take a selfie in a park in the capital Tehran [Majid Asgaripour/WANA via Reuters]

Locally manufactured

Setad officials have said they aim to produce one to two million doses of COVIran Barekat before the end of the current Iranian calendar year in late March and boost production to more than 10 million doses two months after that.

Several other locally manufactured vaccines are also in the works and officials have said they have a chance of reaching human trials.

Iran is also pursuing foreign vaccines from several avenues to start vaccinating health workers and vulnerable groups before the local vaccines are ready.

Earlier this week, Iran’s Foreign Minister Mohammad Javad Zarif announced during a diplomatic trip to Moscow that the Russian Sputnik V vaccine has been approved for emergency use in Iran.

The first doses of the vaccine will be delivered next week, Iran’s ambassador to Russia, Kazem Jalali, said on Saturday.

Iran is also trying to receive vaccines from COVAX, an initiative under the World Health Organization, and is negotiating with China and India for vaccines.

Khamenei banned imports of vaccines from the United States and the United Kingdom earlier this month, saying, “I don’t trust them.”

Throughout 2020, businesses, in general, have had their hands full with IT challenges. They had to rush to accommodate a sudden shift to remote work. Then they had to navigate a rapid adoption of automation technologies.

And as the year came to a close, more businesses began trying to assemble the safety infrastructure required to return to some semblance of normal in 2021.

But at the end of the year, news of a massive breach of IT monitoring software vendor SolarWinds introduced a new complication – the possibility of a wave of secondary data breaches and cyber-attacks. And because SolarWinds’ products have a presence in so many business networks, the size of the threat is massive.

So far, though, most of the attention is getting paid to large enterprises like Microsoft and Cisco (and the US Government), who were the primary target of the SolarWinds breach. What nobody’s talking about is the rest of the 18,000 or so SolarWinds clients who may have been affected. For them, the clock is ticking to try and assess their risk of attack and to take steps to protect themselves.

And because a number of the affected businesses don’t have the resources of the big guys, that’s a tall order right now.

So, the best many companies can do to take action right now is to make their networks a bit of a harder target – or at least to minimize their chances of suffering a major breach. Here’s how:

Begin with Basic Security Steps

The first thing businesses should do is make certain that their networks are as internally secure as possible. That means reconfiguring network assets to be as isolated as possible.

A good place to start is to make sure that any major business data lakes follow all security best practices and remain operationally separate from one another. Doing so can limit data exfiltration if unauthorized users gain access due to a security breach.

But that’s just the beginning. The next step is to segment network hardware into logical security VLANS and erect firewall barriers to prevent communications between them (where possible). Then, review the security settings of each group and make adjustments where necessary. Even hardening VoIP systems are worth doing, as you never know what part of a network will be used as an entry point for a broader attack.

And last but not least, review employee security practices and procedures. This is especially important after the rushed rollout of work-from-home policies. Make it a point to see that every employee is operating according to the established security standards and hasn’t picked up any poor operational security habits. For example, did anyone start using a VPN for free, believing they were improving their home network security?

If so, they need to stop and receive training to make better security judgments while they’re still working remotely.

Conduct a Limited Security Audit

One of the problems that businesses confront when trying to re-secure after a possible network breach is that there’s no easy way to tell what – if anything – the attackers changed after gaining access. To be certain, a lengthy and complex forensic examination is the only real option. But that can take months and can cost a fortune to conduct. For smaller businesses that aren’t even certain that a breach even happened to them, though, there’s a better approach.

It’s to take a limited sample of potentially affected systems and conduct a simple risk-limiting audit. Begin with at least two representative computers or devices from each business unit or department. Then, examine each for signs of an issue.

In general, you would look for:

• Disabled or altered security and antivirus software
• Unusual system log events
• Unexplained outgoing network connections
• Missing security patches or problems with automatic software updates
• Unknown or unapproved software installations
• Altered filesystem permissions

Although an audit of this type won’t guarantee nothing’s wrong with every device on your network, it will uncover signs of any major penetration that’s already taken place. For most small to medium-sized businesses, that should be enough in situations where there’s no clear evidence of an active attack in the first place.

Engage in Defensive Measures

After dealing with the network and its users, the next thing to do is deploy some defensive measures to help with ongoing monitoring and attack detection. An excellent place to start is to set up a honeypot within the network to give potential attackers an irresistible target. This not only keeps them busy going after a system that’s not mission-critical but also serves as an early warning system to administrators when a real attack does take place.

There are a variety of ways to accomplish this, ranging from pre-built system images all the way up to more sophisticated custom deployments. There are also cloud solutions available for situations where on-premises hardware is either inappropriate or undesirable. What’s important is to build a system that monitors for the exact kind of behavior that would indicate a problem within its environment.

A word of caution, though. Although a honeypot is built to be a target, that doesn’t mean it should be left completely vulnerable. The idea is to make it an attractive target, not an easy one. And, it’s crucial to make sure that it can’t be used as a stepping-stone to a bigger attack on actual production systems.

For that reason, it’s worth it to engage the services of a trained cybersecurity professional to help make sure the system doesn’t turn into a security liability instead of a valuable defensive measure.

Remain Vigilant

After taking the steps above, there’s nothing more to do but wait and watch. Unfortunately, there’s no better way to maintain a network’s security than by remaining ever-vigilant. And in a situation like the one unleashed by the SolarWinds hack, businesses, and IT organizations, in general, are at a significant disadvantage.

That’s because they’re facing an enemy that may or may not already be within the gates, meaning they can’t fall back on typical walled-garden security approaches.

So, as 2021 gets underway, the best thing any business can do is get their security house in order and try to limit the damage if they’ve already been breached.

It’s more than worth the effort in any case because the current threat environment is only going to get worse, not better. And the SolarWinds hack, as serious and wide-ranging as it is, won’t be the last major security crisis businesses have to face.

So, it’s time to buckle up because the new decade is going to be one heck of a ride, network security-wise – and it will pay to be ready for it.

US says Chinese military flights posed no threat to its Navy aircraft carrier but fit a pattern of aggressive behaviour by Beijing.

The US military has said that Chinese military flights in the past week in the South China Sea “at no time” posed any threat to a US Navy aircraft carrier strike group in the region, but fit a pattern of destabilising and aggressive behaviour by Beijing.

“The Theodore Roosevelt Carrier Strike Group closely monitored all People’s Liberation Army Navy (PLAN) and Air Force (PLAAF) activity, and at no time did they pose a threat to US Navy ships, aircraft, or sailors,” the US military’s Pacific Command said in a statement.

A US official, speaking on condition of anonymity, said the Chinese aircraft did not come within 250 nautical miles (463km) of the US Navy vessels.

China claims almost all the energy-rich waters of the South China Sea, where it has established military outposts on artificial islands. That claim has been declared as without legal basis by the International Court of Arbitration at The Hague.

Brunei, Malaysia, the Philippines, Taiwan and Vietnam also have claims to parts of the sea.

The waters have also become a flashpoint in the Sino-US relationship.

The United States regularly accuses China of militarising the South China Sea and trying to intimidate Asian neighbours who might want to exploit its extensive oil and gas reserves.

‘Freedom of navigation’

China, in turn, regularly bristles at US military activity in the region, saying on Monday that such actions are not conducive to peace and stability in the region.

The US Navy regularly conducts what it calls “freedom of navigation” operations by ships close to some of the islands China occupies, asserting freedom of access to international waterways, and in accordance with the 2016 ruling of The Hague.

The US Pacific Command renewed its pledge to continue operations in the region, where it has maintained long-running military alliances with China’s neighbours.

“The United States will continue to fly, sail and operate wherever international law allows, demonstrating resolve through our operational presence throughout the region,” Pacific Command said.

A Chinese naval helicopter prepares to land on board China’s frigate CNS Huangshan during exercises in the South China Sea in 2017 [Byron C Linder/US Navy handout via Reuters]

The latest run-in came just a week after China passed a new law that, for the first time, explicitly allows its coastguard to fire on foreign vessels that threaten its “national sovereignty, sovereign rights, and jurisdiction”.

China’s coastguard is the most powerful force of its kind in the region.

On Friday, former Philippine justice and international maritime law expert, Antonio Carpio, told the Manila-based Rappler news website that the new China law renders the code of conduct being negotiated by the Association of Southeast Asian Nations (ASEAN)  as “dead on arrival”.

The Philippines has already formally lodged a diplomatic protest on the matter.

Carpio urged ASEAN to go to the UN and declare the new Chinese law as void.

A “persistent attacker group” with alleged ties to Hezbollah has retooled its malware arsenal with a new version of a remote access Trojan (RAT) to break into companies worldwide and extract valuable information.

In a new report published by the ClearSky research team on Thursday, the Israeli cybersecurity firm said it identified at least 250 public-facing web servers since early 2020 that have been hacked by the threat actor to gather intelligence and steal the company’s databases.

The orchestrated intrusions hit a slew of companies located in the U.S., the U.K., Egypt, Jordan, Lebanon, Saudi Arabia, Israel, and the Palestinian Authority, with a majority of the victims representing telecom operators (Etisalat, Mobily, Vodafone Egypt), internet service providers (SaudiNet, TE Data), and hosting and infrastructure service providers (Secured Servers LLC, iomart).

First documented in 2015, Volatile Cedar (or Lebanese Cedar) has been known to penetrate a large number of targets using various attack techniques, including a custom-made malware implant codenamed Explosive.

Volatile Cedar has been previously suspected of Lebanese origins — specifically Hezbollah’s cyber unit — in connection with a cyberespionage campaign in 2015 that targeted military suppliers, telecom companies, media outlets, and universities.

The 2020 attacks were no different. The hacking activity uncovered by ClearSky matched operations attributed to Hezbollah based on code overlaps between the 2015 and 2020 variants of the Explosive RAT, which is deployed onto victims’ networks by exploiting known 1-day vulnerabilities in unpatched Oracle and Atlassian web servers.

Using the three flaws in the servers (CVE-2019-3396, CVE-2019-11581, and CVE-2012-3152) as an attack vector to gain an initial foothold, the attackers then injected a web shell and a JSP file browser, both of which were used to move laterally across the network, fetch additional malware, and download the Explosive RAT, which comes with capabilities to record keystrokes, capture screenshots, and execute arbitrary commands.

“The web shell is used to carry out various espionage operations over the attacked web server, including potential asset location for further attacks, file installation server configuration and more,” the researchers noted, but not before obtaining escalated privileges to carry out the tasks and transmit the results to a command-and-control (C2) server.

In the five years since the Explosive RAT was first seen, ClearSky said new anti-debugging features were added to the implant in its latest iteration (V4), with the communications between the compromised machine and the C2 server now encrypted.

While it’s not surprising for threat actors to keep a low profile, the fact that Lebanese Cedar managed to stay hidden since 2015 without attracting any attention whatsoever implies the group may have ceased operations for prolonged periods in between to avoid detection.

ClearSky noted that the group’s use of web shell as its primary hacking tool could have been instrumental in leading researchers to a “dead-end in terms of attribution.”

“Lebanese Cedar has shifted its focus significantly. Initially they attacked computers as an initial point of access, then progressed to the victim’s network then further progressing (sic) to targeting vulnerable, public facing web servers,” the researchers added.

Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app.

Dubbed “BlastDoor,” the improved sandbox system for iMessage data was disclosed by Samuel Groß, a security researcher with Project Zero, a team of security researchers at Google tasked with studying zero-day vulnerabilities in hardware and software systems.

“One of the major changes in iOS 14 is the introduction of a new, tightly sandboxed ‘BlastDoor’ service which is now responsible for almost all parsing of untrusted data in iMessages,” Groß said. “Furthermore, this service is written in Swift, a (mostly) memory safe language which makes it significantly harder to introduce classic memory corruption vulnerabilities into the code base.”

The development is a consequence of a zero-click exploit that leveraged an Apple iMessage flaw in iOS 13.5.1 to get around security protections as part of a cyberespionage campaign targeting Al Jazeera journalists last year.

“We do not believe that [the exploit] works against iOS 14 and above, which includes new security protections,” Citizen Lab researchers who revealed the attack last month.

BlastDoor forms the core of those new security protections, per Groß, who analyzed the implemented changes over the course of a week-long reverse engineering project using an M1 Mac Mini running macOS 11.1 and an iPhone XS running iOS 14.3.

When an incoming iMessage arrives, the message passes through a number of services, chief among them being the Apple Push Notification Service daemon (apsd) and a background process called imagent, which is not only responsible for decoding the message contents but also for downloading attachments (through a separate service called IMTransferAgent) and handling links to websites, before alerting the SpringBoard to display the notification.

What BlastDoor does is inspect all such inbound messages in a secure, sandboxed environment, which prevents any malicious code inside of a message from interacting with the rest of the operating system or accessing user data.

Put differently, by moving a majority of the processing tasks — i.e., decoding the message property list and creating link previews — from imagent to this new BlastDoor component, a specially-crafted message sent to a target can no longer interact with the file system or perform network operations.

“The sandbox profile is quite tight,” Groß noted. “Only a handful of local IPC services can be reached, almost all file system interaction is blocked, any interaction with IOKit drivers is forbidden, [and] outbound network access is denied.”

What’s more, in a bid to delay subsequent restarts of a crashing service, Apple has also introduced a new throttling feature in the iOS “launchd” process to limit the number of tries an attacker gets when seeking to exploit a flaw by exponentially increasing the time between two successive brute-force attempts.

“With this change, an exploit that relied on repeatedly crashing the attacked service would now likely require in the order of multiple hours to roughly half a day to complete instead of a few minutes,” Groß said.

“Overall, these changes are probably very close to the best that could’ve been done given the need for backwards compatibility, and they should have a significant impact on the security of iMessage and the platform as a whole.”

As President Joe Biden’s administration tries to accelerate coronavirus vaccination drives, and get Democrats and Republicans in Congress to agree on a massive round of virus relief aid, another, perhaps more daunting partisan challenge looms for the new occupants of 1600 Pennsylvania Avenue – healing a fractured nation hooked on partisan news.

Fostering trust in the nation’s institutions – including the Fourth Estate – is key to binding up the wounds of the nation. But Americans are just as divided about where they get their news from as they are about the content of the news itself.

That means Biden has not only inherited a country reeling from a violent insurrection at the United States Capitol building a week before his inauguration, but a nation of people deeply distrustful of what the “other side” thinks, reads and watches.

Take, for example, the proliferation of the QAnon conspiracy theory, whose followers have been banned from social media platforms for believing, among other things, that Biden is part of a satanic cabal and will be ousted by former President Donald Trump in March.

The media’s challenge – how to cover a country where the truth no longer feels absolute – is staggering. But there is also the question of whether people will even tune in en masse.

Biden has already demonstrated he won’t be the middle-of-the-night tweeter his predecessor was, and his announcements so far have been more policy heavy than scandal heavy. So what will his administration mean for the media outlets that profit from political news — and is there any hope of bridging the US’s media divide?

Profits and polarisation

Like nearly every other industry, the news media saw an unprecedented year in 2020. Some outlets struggled as the global economic crisis tore into their already razor-thin profit margins. Newspapers saw a 42 percent decrease in advertising revenue in the second quarter of 2020 compared to the previous year, a study by the Pew Research Center found.

But with an audience of people stuck at home and hungry for news about the pandemic and politics, other news outlets experienced their best year ever.

“From 2019 to 2020 specifically, revenue and audience figures for the media have been vastly different,” Elisa Shearer, a Pew research associate focusing on journalism, told Al Jazeera. “For cable TV, Fox News’ ad revenue went up by 41 percent, and for network TV, ad revenue for nightly news went up 11 percent.”

The people who are in those political bubbles, it’s actually kind of a small number of the party overall. But they do tend to be more engaged with news overall: they’re paying more attention to lots of different topics and they’re more consistently opinionated on the left or right.

Elisa Shearer, Pew Research Center

But for some media outlets, 2020 — with its headline-gripping virus and a contentious presidential election — represented the continuation of an upward trend that began before Trump came on the scene but accelerated dramatically after he took office.

Conservative-leaning Fox News and the liberal-leaning New York Times both saw explosive audience growth during the Trump years. The Times announced it had hit seven million subscribers days before the November 8 election, writing that there was “little doubt that Donald J. Trump’s presidency has helped lift The Times’s subscription business”. Fox News, one of Trump’s favourite channels, clocked its highest ratings ever in 2020, marking its fifth straight year as the most-watched basic cable network.

But the Biden era is already causing a shift. From Election Day 2020 to Inauguration Day 2021, CNN eclipsed Fox as the most-watched cable news network, with 1.8 million total viewers to Fox’s 1.5 million, Nielsen ratings show, and part of that slump can be attributed to the rise of conservative news outlets that have positioned themselves on the far right.

Rise of far-right media

Howard Polskin began exploring right-wing media after Trump was elected in 2016. The tagline of the TheRighting.com, the website he now runs — “alerting liberal audiences to today’s headlines from the right” — is a testament to the US’s polarised media climate.

While far-right media outlets have always been there, Polskin said, “the Trump presidency validated them. What Trump was saying was echoing a lot of what they were reporting on and what their opinions were. And conversely, a lot of their reporting and what they were expressing would then get amplified by President Trump. So they kind of fed off each other.”

As Trump bucked norms that Fox upheld, visitors have increased at far-right websites. Fox.com’s year-over-year unique visitors fell 13 percent in December, while more conservative Newsmax.com registered a 148 percent increase in year-over-year unique visitors to its site the same month, according to ComScore data analysed by TheRighting.com. Far-right Gateway Pundit’s audience surged 199 percent in the same period, and Breitbart News Network saw a 42 percent increase, according to TheRighting.com’s analysis.

The far-right media diverged from mainstream conservative outlets in its coverage of the 2020 election results and the storming of the US Capitol by pro-Trump rioters on January 6 [File: Ahmed Gaber/Reuters]

The mainstream conservative media’s decision to recognise Biden’s electoral victory also put it at odds with far-right media, which continued to support Trump’s baseless claim that he had won. The chasm widened following the January 6 storming of the Capitol Building by Trump supporters that left at least five people dead.

“In days following the Capitol mayhem, I saw that about half the conservative websites I monitor on a daily basis condemned the insurrection,” Polskin said. “Sadly, I wasn’t surprised to find that many right-wing websites coughed up crazy theories and logic-free conclusions of the January 6 event. It’s a disturbing and twisted version of reality that has been playing for the last four years.”

But, Polskin said, while the facts are at odds, “the media environment is a perfect reflection of the polarisation that exists in our country today.”

Media bubbles

Research shows that while Americans are tuning in to their preferred news sources more, they’re tuning in to each others’ less. A report on media polarisation and the 2020 election by the Pew Research Center asked Americans about their trust or distrust in 30 different sources of political and election news, including newspapers, TV channels, websites and talk radio shows.

Tellingly, “none of the 30 sources is trusted by more than 50 percent of all US adults,” researchers wrote. The Democrats who were polled said they trusted 22 of the 30 news sources, while Republicans distrusted more than 20 of those same news sources.

“Democrats and Republicans really have very different media environments when it comes to political news,” Shearer explained, and the divide has deepened since Pew conducted a similar study in 2014.

Counter-protesters gesture at supporters of US President Donald Trump during demonstrations outside of the TCF Center in Detroit, Michigan days before the 2020 presidential election [File: Seth Herald/AFP]

Perhaps unsurprisingly, the chasm is widest between the poles of each party: liberal Democrats and conservative Republicans. Sixty-six percent of liberal Democrats in the Pew study said they trusted The New York Times, while only 10 percent of conservative Republicans did. In contrast, 75 percent of conservative Republicans trust Fox News, while 77 percent of liberal Democrats distrust it.

“When you take look at the far-back view looking at the two parties, we see about two in ten — about 20 percent of each party — are in this bubble,” Shearer said. “The people who are in those political bubbles, it’s actually kind of a small number of the party overall. But they do tend to be more engaged with news overall: they’re paying more attention to lots of different topics and they’re more consistently opinionated on the left or right.”

‘Intellectually honest’

It wasn’t just the big media players that saw their audiences grow during the Trump years, either. Smaller publishers of political news rode a wave of surging interest, including those producing newsletters on Substack, a platform favoured by independent writers and publishers.

Steve Hayes launched conservative political newsletter The Dispatch on Substack in October 2019. Hayes and his team projected they could reach 2,000 paying subscribers by the end of 2020. Instead, The Dispatch closed out last year with 20,000 paid subscribers.

The “dramatic growth” of The Dispatch is one that Hayes, the site’s CEO and editor, attributes in part to the site’s “intellectual honesty”.

“We’re conservatives — or centre-right — and we thought it important to level with people about where we’re coming from as we provide them fact-based news and analysis,” Hayes told Al Jazeera.

I think we’d all be a lot better off if people would vary their news diet and consume a variety of different outlets.

Steve Hayes, Editor and CEO, The Dispatch

“One of the problems with the mainstream media is the pretence that the reporters doing the work — often really good work — don’t have a world view,” he added.

Jill Filipovic writes a newsletter on Substack from her progressive feminist world view. The author of OK Boomer, Let’s Talk: How My Generation Got Left Behind, Filipovic launched her Substack offering two years ago and now writes for “a keyed-in — and opting-in — audience” of a few thousand subscribers, she said.

Although on different parts of the political spectrum, Filipovic and Hayes both cater to audiences seeking out a specific political viewpoint — and wanting to read more from it.

“A lot of folks seek out opinion writing for a deeper dive into issues they care about, or to learn something new,” Filipovic told Al Jazeera. “But others seem to primarily want to confirm their own views and reinforce their priors. Where it gets especially dangerous is when opinion masquerades as objective or balanced reporting.”

“Part of the challenge here is that most folks lack basic media literacy,” she added. “I can’t tell you how often I get emails complaining that I’m a ‘biased journalist’ in response to an op-ed, and it’s like, that’s an opinion editorial! It’s supposed to be biased.”

Hello from the other side

So how can Americans bridge the media divide? Diversifying the outlets they turn to is a start, Hayes said. While many of his site’s readers are conservatives, The Dispatch’s audience also includes people who “look to us to provide an understanding of what sane conservatives believe and why”.

“I think we’d all be a lot better off if people would vary their news diet and consume a variety of different outlets,” Hayes added. “We know that there’s a slice of our membership that is using us to do just that.”

Part of the challenge here is that most folks lack basic media literacy. I can’t tell you how often I get emails complaining that I’m a ‘biased journalist’ in response to an op-ed, and it’s like, that’s an opinion editorial! It’s supposed to be biased.

Jill Filipovic, author

Part of that, Filipovic said, requires sorting out reporting from opinion even in a polarised media environment.

“On the most basic level, I would love it if more readers understood the division between news and opinion, and sought out both,” she said. “A perfectly objective news source may not exist, but there are a great many news sources that strive to be fair and honest, and that have demanding editorial standards in the service of that goal.”

As for what the ratings and site traffic numbers will look like with Biden in the White House —that depends on how outlets choose to frame their politics coverage without the scandal-driven coverage of the Trump administration, Filipovic said.

“The challenge, I think, will be telling the story of how policy that gets made in Washington translates into the lives of average people in the US and overseas, including people who can’t vote in American elections,” she said. “Politics shapes all of our lives whether we care about it or not; that’s the story we need to tell over the next four years.”

As President Joe Biden’s administration tries to accelerate coronavirus vaccination drives, and get Democrats and Republicans in Congress to agree on a massive round of virus relief aid, another, perhaps more daunting partisan challenge looms for the new occupants of 1600 Pennsylvania Avenue – healing a fractured nation hooked on partisan news.

Fostering trust in the nation’s institutions – including the Fourth Estate – is key to binding up the wounds of the nation. But Americans are just as divided about where they get their news from as they are about the content of the news itself.

That means Biden has not only inherited a country reeling from a violent insurrection at the United States Capitol building a week before his inauguration, but a nation of people deeply distrustful of what the “other side” thinks, reads and watches.

Take, for example, the proliferation of the QAnon conspiracy theory, whose followers have been banned from social media platforms for believing, among other things, that Biden is part of a satanic cabal and will be ousted by former President Donald Trump in March.

The media’s challenge – how to cover a country where the truth no longer feels absolute – is staggering. But there is also the question of whether people will even tune in en masse.

Biden has already demonstrated he won’t be the middle-of-the-night tweeter his predecessor was, and his announcements so far have been more policy heavy than scandal heavy. So what will his administration mean for the media outlets that profit from political news — and is there any hope of bridging the US’s media divide?

Profits and polarisation

Like nearly every other industry, the news media saw an unprecedented year in 2020. Some outlets struggled as the global economic crisis tore into their already razor-thin profit margins. Newspapers saw a 42 percent decrease in advertising revenue in the second quarter of 2020 compared to the previous year, a study by the Pew Research Center found.

But with an audience of people stuck at home and hungry for news about the pandemic and politics, other news outlets experienced their best year ever.

“From 2019 to 2020 specifically, revenue and audience figures for the media have been vastly different,” Elisa Shearer, a Pew research associate focusing on journalism, told Al Jazeera. “For cable TV, Fox News’ ad revenue went up by 41 percent, and for network TV, ad revenue for nightly news went up 11 percent.”

The people who are in those political bubbles, it’s actually kind of a small number of the party overall. But they do tend to be more engaged with news overall: they’re paying more attention to lots of different topics and they’re more consistently opinionated on the left or right.

Elisa Shearer, Pew Research Center

But for some media outlets, 2020 — with its headline-gripping virus and a contentious presidential election — represented the continuation of an upward trend that began before Trump came on the scene but accelerated dramatically after he took office.

Conservative-leaning Fox News and the liberal-leaning New York Times both saw explosive audience growth during the Trump years. The Times announced it had hit seven million subscribers days before the November 8 election, writing that there was “little doubt that Donald J. Trump’s presidency has helped lift The Times’s subscription business”. Fox News, one of Trump’s favourite channels, clocked its highest ratings ever in 2020, marking its fifth straight year as the most-watched basic cable network.

But the Biden era is already causing a shift. From Election Day 2020 to Inauguration Day 2021, CNN eclipsed Fox as the most-watched cable news network, with 1.8 million total viewers to Fox’s 1.5 million, Nielsen ratings show, and part of that slump can be attributed to the rise of conservative news outlets that have positioned themselves on the far right.

Rise of far-right media

Howard Polskin began exploring right-wing media after Trump was elected in 2016. The tagline of the TheRighting.com, the website he now runs — “alerting liberal audiences to today’s headlines from the right” — is a testament to the US’s polarised media climate.

While far-right media outlets have always been there, Polskin said, “the Trump presidency validated them. What Trump was saying was echoing a lot of what they were reporting on and what their opinions were. And conversely, a lot of their reporting and what they were expressing would then get amplified by President Trump. So they kind of fed off each other.”

As Trump bucked norms that Fox upheld, visitors have increased at far-right websites. Fox.com’s year-over-year unique visitors fell 13 percent in December, while more conservative Newsmax.com registered a 148 percent increase in year-over-year unique visitors to its site the same month, according to ComScore data analysed by TheRighting.com. Far-right Gateway Pundit’s audience surged 199 percent in the same period, and Breitbart News Network saw a 42 percent increase, according to TheRighting.com’s analysis.

The far-right media diverged from mainstream conservative outlets in its coverage of the 2020 election results and the storming of the US Capitol by pro-Trump rioters on January 6 [File: Ahmed Gaber/Reuters]

The mainstream conservative media’s decision to recognise Biden’s electoral victory also put it at odds with far-right media, which continued to support Trump’s baseless claim that he had won. The chasm widened following the January 6 storming of the Capitol Building by Trump supporters that left at least five people dead.

“In days following the Capitol mayhem, I saw that about half the conservative websites I monitor on a daily basis condemned the insurrection,” Polskin said. “Sadly, I wasn’t surprised to find that many right-wing websites coughed up crazy theories and logic-free conclusions of the January 6 event. It’s a disturbing and twisted version of reality that has been playing for the last four years.”

But, Polskin said, while the facts are at odds, “the media environment is a perfect reflection of the polarisation that exists in our country today.”

Media bubbles

Research shows that while Americans are tuning in to their preferred news sources more, they’re tuning in to each others’ less. A report on media polarisation and the 2020 election by the Pew Research Center asked Americans about their trust or distrust in 30 different sources of political and election news, including newspapers, TV channels, websites and talk radio shows.

Tellingly, “none of the 30 sources is trusted by more than 50 percent of all US adults,” researchers wrote. The Democrats who were polled said they trusted 22 of the 30 news sources, while Republicans distrusted more than 20 of those same news sources.

“Democrats and Republicans really have very different media environments when it comes to political news,” Shearer explained, and the divide has deepened since Pew conducted a similar study in 2014.

Counter-protesters gesture at supporters of US President Donald Trump during demonstrations outside of the TCF Center in Detroit, Michigan days before the 2020 presidential election [File: Seth Herald/AFP]

Perhaps unsurprisingly, the chasm is widest between the poles of each party: liberal Democrats and conservative Republicans. Sixty-six percent of liberal Democrats in the Pew study said they trusted The New York Times, while only 10 percent of conservative Republicans did. In contrast, 75 percent of conservative Republicans trust Fox News, while 77 percent of liberal Democrats distrust it.

“When you take look at the far-back view looking at the two parties, we see about two in ten — about 20 percent of each party — are in this bubble,” Shearer said. “The people who are in those political bubbles, it’s actually kind of a small number of the party overall. But they do tend to be more engaged with news overall: they’re paying more attention to lots of different topics and they’re more consistently opinionated on the left or right.”

‘Intellectually honest’

It wasn’t just the big media players that saw their audiences grow during the Trump years, either. Smaller publishers of political news rode a wave of surging interest, including those producing newsletters on Substack, a platform favoured by independent writers and publishers.

Steve Hayes launched conservative political newsletter The Dispatch on Substack in October 2019. Hayes and his team projected they could reach 2,000 paying subscribers by the end of 2020. Instead, The Dispatch closed out last year with 20,000 paid subscribers.

The “dramatic growth” of The Dispatch is one that Hayes, the site’s CEO and editor, attributes in part to the site’s “intellectual honesty”.

“We’re conservatives — or centre-right — and we thought it important to level with people about where we’re coming from as we provide them fact-based news and analysis,” Hayes told Al Jazeera.

I think we’d all be a lot better off if people would vary their news diet and consume a variety of different outlets.

Steve Hayes, Editor and CEO, The Dispatch

“One of the problems with the mainstream media is the pretence that the reporters doing the work — often really good work — don’t have a world view,” he added.

Jill Filipovic writes a newsletter on Substack from her progressive feminist world view. The author of OK Boomer, Let’s Talk: How My Generation Got Left Behind, Filipovic launched her Substack offering two years ago and now writes for “a keyed-in — and opting-in — audience” of a few thousand subscribers, she said.

Although on different parts of the political spectrum, Filipovic and Hayes both cater to audiences seeking out a specific political viewpoint — and wanting to read more from it.

“A lot of folks seek out opinion writing for a deeper dive into issues they care about, or to learn something new,” Filipovic told Al Jazeera. “But others seem to primarily want to confirm their own views and reinforce their priors. Where it gets especially dangerous is when opinion masquerades as objective or balanced reporting.”

“Part of the challenge here is that most folks lack basic media literacy,” she added. “I can’t tell you how often I get emails complaining that I’m a ‘biased journalist’ in response to an op-ed, and it’s like, that’s an opinion editorial! It’s supposed to be biased.”

Hello from the other side

So how can Americans bridge the media divide? Diversifying the outlets they turn to is a start, Hayes said. While many of his site’s readers are conservatives, The Dispatch’s audience also includes people who “look to us to provide an understanding of what sane conservatives believe and why”.

“I think we’d all be a lot better off if people would vary their news diet and consume a variety of different outlets,” Hayes added. “We know that there’s a slice of our membership that is using us to do just that.”

Part of the challenge here is that most folks lack basic media literacy. I can’t tell you how often I get emails complaining that I’m a ‘biased journalist’ in response to an op-ed, and it’s like, that’s an opinion editorial! It’s supposed to be biased.

Jill Filipovic, author

Part of that, Filipovic said, requires sorting out reporting from opinion even in a polarised media environment.

“On the most basic level, I would love it if more readers understood the division between news and opinion, and sought out both,” she said. “A perfectly objective news source may not exist, but there are a great many news sources that strive to be fair and honest, and that have demanding editorial standards in the service of that goal.”

As for what the ratings and site traffic numbers will look like with Biden in the White House —that depends on how outlets choose to frame their politics coverage without the scandal-driven coverage of the Trump administration, Filipovic said.

“The challenge, I think, will be telling the story of how policy that gets made in Washington translates into the lives of average people in the US and overseas, including people who can’t vote in American elections,” she said. “Politics shapes all of our lives whether we care about it or not; that’s the story we need to tell over the next four years.”

The pressure on small to medium-sized enterprises to protect their organizations against cyberthreats is astronomical. These businesses face the same threats as the largest enterprises, experience the same (relative) damages and consequences when breaches occur as the largest enterprises but are forced to protect their organizations with a fraction of the resources as the largest enterprises.

Cybersecurity company Cynet just released findings from a survey of 200 CISOs in charge of small security teams (Download here) to shine “a spotlight into the challenges of small security teams everywhere.”

In addition to better understanding the challenges these CISOs face, the 2021 Survey of CISOs with Small Security Teams delves into the strategies CISOs will employ to ensure their organizations are protected from the ongoing onslaught of cyber threats – all while saddled with limited budgets and headcount.

The survey findings will also be presented in a live webinar, register here to attend.

Some Fascinating Findings

It was clear from the survey that CISOs with small security teams believe they are exposed to a higher risk than enterprises with larger security teams. These CISOs know they are being targeted with the same highly advanced threat and techniques as global enterprises, only a fraction of the budget and manpower.

63% of CISOs surveyed feel that their risk of attack is higher compared to larger Enterprises, who have larger teams, budgets, and tools in place. This sentiment is taking its toll, as a shocking 57% of CISOs admitted that their ability to protect their company is overtly lower than they would like it to be.

Consider that large global financial institutions typically spend over $500 million on cybersecurity annually with an IT security staff of several thousand employees. 70% of the CISOs in the survey have budgets of less than $1 million and five or fewer IT security specialists on staff.

While large global enterprises certainly have a much wider and deeper environment to protect, the threats are very similar, and therefore, the protections required are also similar. The surveyed companies simply do not have the budgets and bandwidth to protect themselves adequately. They know it, and the cybercriminals know it.

Top Challenges Protecting Against Cyber Threats

How Will These CISOs Protect Their Companies in 2021?

Beyond several additional insights regarding the current situation faced by CISOs with small security teams, the survey also delves into the plans these CISOs have for confronting cybersecurity in 2021. These CISOs know they have to do more with less and their overarching plans reflect it. 2021 initiatives fell into three main buckets.

Outsourcing

Roughly half of the companies are outsourcing threat detection and response to a Managed Detection and Response (MDR) service (53%), and the other half (47%) are using a Managed Security Services Provider (MSSP) service. One-third of those using an MDR said the most valuable service 24/7 critical alerts and monitoring. This approach makes sense as 47% of companies said their top challenge is that they don’t have adequate skills and experience to protect against cyber-attacks.

Automation

These CISOs know that they do not have sufficient staff to protect their organizations fully. 48% of CIOs revealed that they could have avoided some security incidents in 2020 if they had a bigger team. Unable to expand their teams, 80% of CISOs responded that they would like to invest more in automation, allowing their current teams to do more with less.

Consolidation

Almost half (49%) of the CISOs said that they need to consolidate security tools, and 43% felt that their team wasted time shifting between tool consoles. As a result, over this year, the CISOs will focus on consolidating security tools and platforms (61%) and replacing complex security technologies (52%).

This is also reflected in the fact that 38% of the CISOs plan to purchase an Extended Detection and Response (XDR) solution as it supports the automation, consolidation, and complexity reduction tactics prioritized by respondents.

Down, But Not Out

The tenacity exhibited by CISOs with small security teams is admirable. Based on the survey results, the CISOs know they have a daunting task ahead of them.

But, they are taking the proverbial bull by the horns and figuring out ways to improve their situation with the limited resources available.

If nothing else, the survey shows these struggling CISOs that they are in good company, fighting for the same things and forging into 2021 in lockstep with their brother and sister CISOs with small security teams.

Download the 2021 Survey for CISOs with small security teams here or register here to attend a live webinar

Creating workflows around verifying password resets can be challenging for organizations, especially since many have shifted work due to the COVID-19 global pandemic.

With the numbers of cyberattacks against businesses exploding and compromised credentials often being the culprit, companies have to bolster security around resetting passwords on user accounts.

How can organizations bolster the security of password resets for remote workers? One security workflow might involve having manager approval before IT helpdesk technicians can change a remote worker’s password. In this way, the user’s manager is involved in the process.

Additionally, some organizations might opt to allow managers themselves the ability to change end-user passwords. How can this be configured in Active Directory? Also, is there a more seamless solution for requiring manager approval for password resets?

Why password reset security is critical

This past year has undoubtedly created many IT helpdesk staff challenges, including supporting a workforce containing mainly remote workers. One of the difficulties associated with remote employees is a security challenge surrounding password resets.

Cybercriminals are increasingly using identity attacks to compromise environments. It often provides the “path of least resistance” into an environment. If valid credentials are compromised, this is often the easiest means to attack and compromise business-critical data and systems.

With employees working remotely, IT helpdesk technicians supporting account unlock and password changes no longer have a face-to-face interaction with employees working “inside” the on-premises environment.

Organizations may be large enough that IT technicians may not personally know each employee who may be working remotely. It introduces the possibility of an attacker impersonating a legitimate employee and social engineering helpdesk staff to reset a legitimate account password.

Additionally, a compromised end-user client device can lead to illegitimate password resets of end-user accounts.

Recognizing new identity threats facing organizations today, IT admins may want to get managerial approval for employee account password resets. This task may even be delegated to managers of end-users working in their departments. How can password resets by department managers quickly be configured using built-in features in Active Directory?

Delegating password reset permissions in Active Directory

Microsoft Active Directory contains a feature that allows delegating permissions to certain users or groups to carry out very granular tasks. These tasks include password resets. To configure delegation of password reset permissions, you can following the process below.

Beginning to configure the Delegate Control options in Active Directory

It launches the Delegation of Control Wizard, which first allows choosing a user or group you want to assign permissions. Here you click Add… to add a user or group. We have already added the group shown below – DLGRP_PasswordReset, a domain local group created in Active Directory. As a best practice, it is always better to use groups for managing permissions delegation. It allows quickly and easily adding or removing specific users without having to go through the permissions delegation wizard each time.

Choose the users and groups who will assume the permissions

On the Tasks to Delegate screen, under Delegate the following common tasks, choose Reset user passwords and force password change at the next logon option. Click Next.

Choosing the Reset user passwords and force password change at next logon option

Finish out the delegation of control wizard.

Complete the Delegation of Control Wizard

Assigning managers to reset passwords

Using the process shown above, administrators can add managers to the group delegated the reset passwords permission. It allows pointing to a specific user or group for delegating permissions to reset passwords.

As mentioned, it is always best practice when creating a permissions delegation in Active Directory to assign this to a group, even if you are delegating permissions to one user. Doing it this way makes the lifecycle management of the permissions delegation much more manageable.

However, the Active Directory group resource is fairly static in this context. Outside of Microsoft Exchange Server and dynamic distribution groups, Active Directory does not have a native way built-in to create dynamic security groups that are populated based on Active Directory attributes.

Is there a way to have dynamic security groups in Active Directory by using a scripted approach? Yes, there is. Using PowerShell and the get-aduser cmdlet and a few other Active Directory related PowerShell cmdlets, you can effectively query Active Directory for users containing specific characteristics and then add or remove those users from specific groups.

You can create custom PowerShell scripts to accomplish this. However, a couple of resources can quickly get you up to speed with a customized PowerShell script to adding and removing users from security groups based on user location, attributes, and other features.

Let’s think about a use case related to managerial approval for password resets. Suppose you wanted to grant managers the permissions to reset passwords. In that case, you could do some PowerShell scripting in conjunction with the delegation wizard and have an automated process to add and remove managers from Active Directory into a group configured for password resets.

Notice the following PowerShell resources for this:

Below is an example based on the Windows OSHub code of how you could use PowerShell and search for “Manager” in the title attribute.

You could schedule the above PowerShell script to run at scheduled intervals with a scheduled task to add or remove users from the group delegated password reset permissions dynamically.

Specops uReset – A better approach to password reset manager approvals

Specops Software provides a much better automated approach to enable manager approval for password resets. Specops uReset is a fully-featured self-service password reset (SSPR) solution that allows end-users to reset their passwords securely.

Also, with Specops uReset, you can add the ability for Manager Identification. When a user authenticates with Manager Identification, the authentication request sends to their manager in the form of a text message or email communication. The manager of the user must then confirm the user’s identity for approving the password reset request.

It dramatically enhances the security of password reset functionality since two people are involved. It also helps to provide a change control workflow for password reset requests and an audit trail.

There are two requirements needed by Specops to use the manager approval:

• Each user account must have a manager assigned to them in Active Directory.
• Each manager account must have an email address/mobile phone number associated with their account in Active Directory, to be able to receive authentication requests from users.

To assign a manager using PowerShell to all the Active Directory group members, you can use the following Powershell code.

get-aduser -filter “department -eq ‘Accounting’ -AND samaccountname | set-aduser -manager jdoe

In the Specops uReset administration Identity Services configuration, you can configure Manager Identification. You can select between email and text notifications.

Configuring Manager Identification in Specops uReset

Wrapping Up

Securing password resets is a critical area of security organizations need to address for securing remote end-user accounts. While you can use a scripted PowerShell approach to create dynamic Active Directory security groups, it can be problematic to maintain and doesn’t scale very well.

Specops uReset provides an easy way to implement self-service password resets (SSPR) with additional security checks such as manager approval. Using Specops uReset, businesses can easily require managers to approve password reset requests for end-users.

Learn more about Specops uReset self-service password resets with manager approval features.

Under scheme that comes into effect on Sunday, Hong Kong people with BN(O) status will have path to UK citizenship.

Britain’s government said on Friday it was standing by the people of its former colony Hong Kong in the face of a Chinese crackdown as it prepared to launch a settlement scheme that could allow millions of the territory’s people to live permanently in the United Kingdom.

People with British National (Overseas) status – a legacy of UK rule over Hong Kong up to 1997 – will be able to apply to live and work in the UK for up to five years, and eventually seek citizenship, under rules that were changed after China imposed the National Security Law on the territory last year.

Before the change, which takes effect on Sunday, people with BN(O) status could only visit the UK for up to six months and were not allowed to work or settle.

“I am immensely proud that we have brought in this new route for Hong Kong BN(O)s to live, work and make their home in our country,” Prime Minister Boris Johnson said in a statement.

“In doing so we have honoured our profound ties of history and friendship with the people of Hong Kong, and we have stood up for freedom and autonomy – values both the UK and Hong Kong hold dear.”

China says the path to citizenship offered by the UK is a violation of international law and interferes with its internal affairs.

Any Hong Kong resident born before 1997 is eligible for BN(O) status and the new rules mean an estimated 2.9 million adults in Hong Kong and a further 2.3 million dependents could be eligible to move to the UK. Hong Kong has a population of about 7.5 million people.

During mass demonstrations in Hong Kong in 2019, rallies in London urged the UK government to do more to help people in the former British colony [File: Henry Nicholls/Reuters]

The new pathway is not cheap.

A five-year visa costs 250 British pounds ($340) for each person. But a mandatory surcharge to access Britain’s state-run health service will run to 3,120 British pounds ($4,280) per adult, and 2,350 British pounds ($3,224) for those under the age of 18.

Shorter, cheaper visas for 30 months will also be available.

“We have been clear we won’t look the other way when it comes to Hong Kong. We will live up to our historic responsibility to its people,” Foreign Secretary Dominic Raab said.

“China’s imposition of the National Security Law in Hong Kong constitutes a clear and serious breach of the (pre-handover) Sino-British Joint Declaration contrary to international law.”

Crackdown fears

China imposed the security law on June 30 last year, broadly focusing on acts Beijing deems secession, subversion, terrorism or collusion with foreign forces.

The legislation followed months of pro-democracy protests that were marked by increasing violence towards the end of 2019, but had calmed in 2020 as a result of the measures imposed to tackle the coronavirus pandemic.

Since the law was passed, the territory’s pro-democracy activists and politicians – including those elected to the Legislative Council, Hong Kong’s mini parliament, have been detained. January has been marked by a series of mass arrests. Jimmy Lai, a media tycoon and China critic, is among the most prominent people facing charges under the law.

As well as the UK, some other Western countries also relaxed immigration rules in relation to Hong Kong after the security law was imposed.

Between July and this month, about 7,000 people with BN(O) status and their families have already been allowed to remain in the UK.

The British government expects more than 300,000 people and their dependents to take advantage of the BN(O) offer.

U.S. and Bulgarian authorities this week took control of the dark web site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims.

“We are striking back against the growing threat of ransomware by not only bringing criminal charges against the responsible actors, but also disrupting criminal online infrastructure and, wherever possible, recovering ransom payments extorted from victims,” said Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division.

“Ransomware victims should know that coming forward to law enforcement as soon as possible after an attack can lead to significant results like those achieved in today’s multi-faceted operation.”

In connection with the takedown, a Canadian national named Sebastien Vachon-Desjardins from the city of Gatineau was charged in the U.S. state of Florida for extorting $27.6 million in cryptocurrency from ransom payments.

Separately, the Bulgarian National Investigation Service and General Directorate Combating Organized Crime seized a dark web hidden resource used by NetWalker ransomware affiliates — i.e., cybercrime groups responsible for identifying and attacking high-value victims using the ransomware — to provide payment instructions and communicate with victims.

Visitors to the website will now be greeted by a seizure banner notifying them that it has been taken over by law enforcement authorities.

Chainalysis, which aided in the investigation, said it has “traced more than $46 million worth of funds in NetWalker ransoms since it first came on the scene in August 2019,” adding “it picked up steam in mid-2020, growing the average ransom to $65,000 last year, up from $18,800 in 2019.”

In recent months, Netwalker emerged as a popular choice of ransomware strain besides Ryuk, Maze, Doppelpaymer, and Sodinokibi, with numerous companies, municipalities, hospitals, schools, and universities targeted by the cybercriminals to extort victims.

Before the takedown, the NetWalker administrator, who goes by the moniker “Bugatti” on darknet forums, is said to have posted an advertisement in May 2020 looking for additional Russian-speaking affiliates as part of a transition to a ransomware-as-a-service (RaaS) model, using the partners to compromise targets and steal data before encrypting the files.

The NetWalker operators have also been part of a growing ransomware trend called double extortion, where the attackers hold the stolen data hostage and threaten to publish the information should the target refuse to pay the ransom.

“After a victim pays, developers and affiliates split the ransom,” the U.S. Department of Justice (DoJ) said.

Chainalysis researchers suspect that besides involving in at least 91 attacks using NetWalker since April 2020, Vachon-Desjardins worked as an affiliate for other RaaS operators such as Sodinokibi, Suncrypt, and Ragnarlocker.

The NetWalker disruption comes on the same day that European authorities announced a coordinated takedown targeting the Emotet crimeware-as-a-service network. The botnet has been used by several cybercrime groups to deploy second-stage malware — most notably Ryuk and TrickBot.